Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-31044

[Azure-File] volume mount failed in multiple payload images

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Undefined Undefined
    • 4.16.0
    • 4.16
    • Storage / Operators
    • None
    • Critical
    • Yes
    • Proposed
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      Azure-File volume mount failed, it happens on arm cluster with multi payload
      
      $ oc describe pod
        Warning  FailedMount       6m28s (x2 over 95m)  kubelet            MountVolume.MountDevice failed for volume "pvc-102ad3bf-3480-410b-a4db-73c64daeb3e2" : rpc error: code = InvalidArgument desc = GetAccountInfo(wduan-0319b-bkp2k-rg#clusterjzrlh#pvc-102ad3bf-3480-410b-a4db-73c64daeb3e2###wduan) failed with error: Retriable: true, RetryAfter: 0s, HTTPStatusCode: -1, RawError: azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://management.azure.com/subscriptions/53b8f551-f0fc-4bea-8cba-6d1fefd54c8a/resourceGroups/wduan-0319b-bkp2k-rg/providers/Microsoft.Storage/storageAccounts/clusterjzrlh/listKeys?api-version=2021-02-01: StatusCode=0 -- Original Error: adal: Failed to execute the refresh request. Error = 'Post "https://login.microsoftonline.com/6047c7e9-b2ad-488d-a54e-dc3f6be6a7ee/oauth2/token": dial tcp 20.190.190.193:443: i/o timeout'
      

       

      The node log reports:
      W0319 09:41:30.745936 1 azurefile.go:806] GetStorageAccountFromSecret(azure-storage-account-clusterjzrlh-secret, wduan) failed with error: could not get secret(azure-storage-account-clusterjzrlh-secret): secrets "azure-storage-account-clusterjzrlh-secret" is forbidden: User "system:serviceaccount:openshift-cluster-csi-drivers:azure-file-csi-driver-node-sa" cannot get resource "secrets" in API group "" in the namespace "wduan"

       

       
       

      Checked the role looks good, at least the same as previous: 
      $ oc get clusterrole azure-file-privileged-role -o yaml
      ...
      rules:
      - apiGroups:
        - security.openshift.io
        resourceNames:
        - privileged
        resources:
        - securitycontextconstraints
        verbs:
        - use

       

      Version-Release number of selected component (if applicable):

      4.16.0-0.nightly-multi-2024-03-13-031451

      How reproducible:

      2/2

      Steps to Reproduce:

          1. Checked in CI, azure-file cases failed due to this
          2. Create one cluster with the same config and payload, create azure-file pvc and pod
          3.
          

      Actual results:

      Pod could not be running    

      Expected results:

      Pod should be running 

      Additional info:

          

            rbednar@redhat.com Roman Bednar
            wduan@redhat.com Wei Duan
            Penghao Wang Penghao Wang
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: